diff options
author | ene <ene@sils.li> | 2023-04-07 22:02:24 +0200 |
---|---|---|
committer | ene <ene@sils.li> | 2023-04-07 22:29:21 +0200 |
commit | cb92ffc878fcb417bd66b3b30ef1ff189a5aa44c (patch) | |
tree | f9cb9f6c0a85f9b7f973288423f3f47900d0ea46 | |
parent | Fix(system/services/rust-motd): Quote ssl-cert names (diff) | |
download | nixos-server-cb92ffc878fcb417bd66b3b30ef1ff189a5aa44c.tar.gz nixos-server-cb92ffc878fcb417bd66b3b30ef1ff189a5aa44c.zip |
Fix(system/mail): Allow opening ports in the firewall
As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested.
-rw-r--r-- | system/mail/default.nix | 2 | ||||
-rw-r--r-- | system/services/default.nix | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/system/mail/default.nix b/system/mail/default.nix index d2fd55c..b1da088 100644 --- a/system/mail/default.nix +++ b/system/mail/default.nix @@ -42,7 +42,7 @@ in { # SMTP enableSubmission = false; enableSubmissionSsl = true; - openFirewall = false; # handled below + openFirewall = true; keyFile = "/var/lib/acme/server1.vhack.eu/key.pem"; certificateScheme = 1; diff --git a/system/services/default.nix b/system/services/default.nix index 5d9e5b6..6e5cb3c 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -1,7 +1,7 @@ {config, ...}: { imports = [ ./acme - ./firewall +# ./firewall #./minecraft ./nginx ./nix |